Google is always working on improving its Android apps and the operating system itself, heavily relying on public a/b tests that appear on some people's phones but not on others. But every once in a while, the company takes the time to announce some features formally, and today is another one of those days. Google is making a whole slew of known tests and a few brand-new changes official.
Google has formally announced a slew of Android and Google apps features today, and among them is a neat new security tool for anyone who uses Google's autofill password manager on Chrome and Android. The company has added Chrome's Password Checkup to the operating system, checking your app logins against known breaches. The autofill tool is also getting support for password generation and biometric authentication.
Your online accounts are much safer when you rely on more than only a password, and that's where two-factor authentication (2FA) apps come in. You can use them to create an extra layer of security for your accounts, requiring you to enter a one-time password (OTP) in addition to your regular credentials when you log in. That prevents hackers from accessing your account with a stolen password only.
According to an email Google is sending out to Wear OS developers, sideloading apps that aren't available on the Play Store is about to get a lot more complicated starting March 10. You'll no longer be able to sideload apps from your phone via the Play Store -> Apps on your phone section on watches, making it next to impossible to add unapproved apps to your watch without turning to tools meant for developers, like the Android Debug Bridge (ADB).
Microsoft Authenticator started out as a humble two-factor authentication app, but it was promoted to a proper password manager back in December, complete with syncing to Microsoft Edge. The browser was also the only way to go if you wanted to import passwords from elsewhere to the Authenticator, but that will soon be a thing of the past. The latest beta version of Microsoft Authenticator supports importing credentials in the CSV format.
Android 11 introduced a new file accessing API, Scoped Storage. It essentially doesn't allow apps to access all files on your phone anymore, which is great for security. However, Scoped Storage also comes with some unwanted consequences. Non-Pixel phones running Android 11 have to ask users to confirm that they want to delete or restore images in Google Photos since the app isn't allowed to delete and restore files without explicit user consent anymore. Luckily, there's a fix for some phones.
Telegram is the messaging platform of choice for millions around the world. A big part of its appeal has been the privacy features that it has to offer, but is it really as secure as users think? A new report looks to how the service's People Nearby feature can be exploited to reveal the location of other users without much difficulty.
T-Mobile has confirmed to Android Police it has shut down a data breach operation that may have harvested a small group of customers' phone numbers, number of lines per account, and call diagnostic metrics. Customers who may have been affected were alerted via text message yesterday and told that the event took place in November.
Back in November, we found out that a good chunk of websites using Let's Encrypt certificates would stop working on older Android devices next year. The cause was an expiring partnership with IdenTrust, who cross-signed the company's keys for older platforms. Thankfully, a solution has been established, and sites using Let's Encrypt certificates don't have to worry about issues with older Android devices next year anymore.
Microsoft is taking on the field of password management, but the way it's doing so has some raising their eyebrows: the feature is embedded as a public preview into Microsoft Authenticator. The app is now ready to generate, store, and autofill passwords for those who link their non-enterprise Microsoft account.